ipfw firewalling for bhyve host, bypassing bhyve guests
Date: Sun, 15 Oct 2023 14:13:59 UTC
Hello,

My objective is to protect services on a bhyve host, while allowing traffic to the bhyve guests to pass to them unprocessed, as these each have pf and their own firewall policies. The host is running an up-to-date 13-stable.

I know ipfw can process both layer 2 and layer 3 traffic, but pf only processes layer 3, so that is why I want to use ipfw on the bhyve host.

So we have bridge0 with igb0, tap0 and tap1 as members. In this example:

igb0 has a MAC address of 11:11:11:11:11:11
tap0 has 22:22:22:22:22:22
tap1 has 33:33:33:33:33:33

How can I tell ipfw to pass 22:22:22:22:22:22 and 33:33:33:33:33:33 and apply no more rules to frames matching those MACs?

Let's say I want to just block on 11:11:11:11:11:11 (igb0) port 22 apart from 10.0.0.0/24, with 22:22:22:22:22:22 passing unhindered, unprocessed. Possible?

--
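One way to build the ruleset the post asks about, as an added example that is not part of the original message or any reply in the thread. It assumes the host's own IP address is configured on igb0 (as the post implies), that bridged frames are handed to ipfw by setting net.link.bridge.ipfw=1, and that the two guest addresses are the ones the guests actually put on the wire, i.e. the MACs of the guests' virtio NICs. A tap interface's own MAC never appears as the source of a frame the guest sends, so matching on the tap's address would not bypass anything; substitute the guest NIC addresses if they differ. The script writes the rules in the file format `ipfw` reads directly and only loads them when run with APPLY=1; the interface, MAC list and admin network are parameters so it generalizes to more guests than the two in the post.

```shell
#!/bin/sh
# Added example for a bhyve host with bridge0 = { igb0, tap0, tap1 }.
# Assumptions (not from the original post): the host's IP address sits on
# igb0, /sbin/ipfw is available, and GUEST_MACS lists the addresses the
# guests' virtio NICs use on the wire (not the tap interfaces' own MACs).
HOST_IF="${HOST_IF:-igb0}"
GUEST_MACS="${GUEST_MACS:-22:22:22:22:22:22 33:33:33:33:33:33}"
ADMIN_NET="${ADMIN_NET:-10.0.0.0/24}"
RULES_FILE="${RULES_FILE:-/tmp/bhyve-host.ipfw}"

# Emit the ruleset in "ipfw [-q] file" format, one command per line.
gen_ruleset() {
    n=100
    # Layer-2 bypass: a bridged frame to or from a guest NIC is accepted
    # here and never reaches the host rules below; the guest's own pf does
    # the filtering. Two rules per MAC, one for dst-mac and one for src-mac
    # (ipfw's MAC option takes the destination address first).
    for mac in $GUEST_MACS; do
        echo "add $n allow all from any to any layer2 MAC $mac any"
        n=$((n + 10))
        echo "add $n allow all from any to any layer2 MAC any $mac"
        n=$((n + 10))
    done
    # Host services at layer 3 ('me' = any address configured on this host):
    # new SSH connections are accepted only from ADMIN_NET, every other SYN
    # to port 22 arriving on the uplink is dropped.
    echo "add 1000 allow tcp from $ADMIN_NET to me 22 in via $HOST_IF setup"
    echo "add 1010 deny tcp from any to me 22 in via $HOST_IF setup"
    # Established sessions and everything else continue as before.
    echo "add 65000 allow ip from any to any"
}

# Write the ruleset; load it only when explicitly asked to.
gen_ruleset > "$RULES_FILE"
if [ "${APPLY:-0}" = 1 ]; then
    sysctl net.link.bridge.ipfw=1   # let ipfw see frames crossing bridge0
    ipfw -q -f flush
    ipfw -q "$RULES_FILE"
fi
```

Two caveats a practitioner would want. First, the bypass rules trust the source MAC, and a guest controls the MAC its NIC emits, so this keeps guest traffic out of the host's policy for convenience rather than as a security boundary; the host rules still protect the host because they match on `me`, not on a MAC. Second, if the host's address lives on bridge0 rather than igb0, the `via igb0` on the SSH rules must become `via bridge0`, or be dropped so the rules apply regardless of ingress interface.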